<?php
include('variables.php');

$connect = mysql_connect($host,$username,$password);
if (!$connect) {
   die('Could not connect: ' . mysql_error());
}
@mysql_select_db($database) or die( "Unable to select database");


function doTheCurl ()
{
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value)
{
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
$ch = curl_init();

// check to see if this is sandbox or not
if ($_POST["test_ipn"] == 1)
{
curl_setopt($ch, CURLOPT_URL, "https://www.sandbox.paypal.com/cgi-bin/webscr");
}
else
{
curl_setopt($ch, CURLOPT_URL, "https://www.paypal.com/cgi-bin/webscr");
}

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
$paypal_response = curl_exec ($ch);
curl_close($ch);
return $paypal_response;
}

function doTheHttp ()
{
$req = 'cmd=_notify-validate';
foreach ($_POST as $key => $value)
{
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

// check to see if this is sandbox or not.
if ($_POST["test_ipn"] == 1)
{
$paypal_response = fsockopen ('www.sandbox.paypal.com', 80, $errno, $errstr, 30);
}
else
{
$paypal_response = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);
}

if (!$paypal_response) {
return "ERROR";
}
else
{
fputs ($paypal_response, $header . $req);
while (!feof($paypal_response))
{
$res = fgets ($paypal_response, 1024);
if (strcmp ($res, "VERIFIED") == 0)
{
return "VERIFIED";
}
else if (strcmp ($res, "INVALID") == 0)
{
return "INVALID";
}
}
fclose ($paypal_response);
}
return "ERROR";
}


$paypal_response = doTheCurl();
if (!$paypal_response)
{

$paypal_response = doTheHttp();

}
else
{

}


//get variables
$receiver_email = $_POST['receiver_email'];
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$payer_email = $_POST['payer_email'];
$item_name = $_POST['item_name'];
$amount = $_POST['mc_gross'];
$payment_status = $_POST['payment_status'];
$txn_type = $_POST['txn_type'];

if ($first_name != "")
$message = "Customer First Name: " . $first_name . "\n";
if ($last_name != "")
$message .= "Customer Last Name: " . $last_name . "\n";
if ($payer_email != "")
$message .= "Customer Email: " . $payer_email . "\n";
if ($item_name != "")
$message .= "Item: " . $item_name . "\n";
if ($amount != "")
$message .= "Amount: " . $amount . "\n";
if ($txn_type != "")
$message .= "Transaction Type: " . $txn_type . "\n";
if ($payer_status != "")
$message .= "Payment Status: " . $payment_status . "\n";


if (ereg('VERIFIED',$paypal_response)) {
$response_verified = 1;
$ipn_result = 'VERIFIED';
if ($payment_status == "Completed")
{

$checkquery = "SELECT * FROM files WHERE paypalname = '$item_name'";
$checkresult = mysql_query($checkquery);

$checkrow=mysql_fetch_assoc($checkresult);

$price = $checkrow["price"];
$filename = $checkrow["filename"];

if ($price == $amount)
{
//send email to buyer
$random = rand();
$string = md5($random);


$query = "INSERT INTO links (getfilename, link, dltimes) VALUES ('$filename', '$string', '3')";
mysql_query($query);
mysql_close($connect);



$to = $payer_email;
$subject = $storename . " Order";
$body = "Your download url:\n" . $scriptpath . "send_url.php?q=" . $string . "\n\nIf you cannot download, please contact us at " . $email . ".";

mail($to, $subject, $body,
    "To: " . $to . "\n" .
    "From: ". $email ."\n" .
    "X-Mailer: PHP 4.x");


mail($email, "Order Received", $message, "From: ". $email);

}
else
{
mail($email, "Order Payment Amount Invalid", $message, "From: ". $email);

}
}

} else if (ereg('INVALID',$paypal_response)) {
$response_invalid = 1;
$ipn_result = 'INVALID';

$message .= "IPN returned invalid\n";

mail($email, "Order Received - Invalid IPN", $message, "From: ". $email);

$to = $payer_email;
$subject = $storename . " Order";
$body = "Your download was not completed, please contact us at " . $email . ".";

mail($to, $subject, $body,
    "To: " . $to . "\n" .
    "From: " . $email . "\n" .
    "X-Mailer: PHP 4.x");


} else {
echo 'Error: no valid $paypal_response received.';

$message .= "No response from Paypal\n";

mail($email, "Order Received - No IPN Response", $message, "From: " . $email);

$to = $payer_email;
$subject = $storename . " Order";
$body = "Your download was not completed, please contact us at " . $email . ".";

mail($to, $subject, $body,
    "To: " . $to . "\n" .
    "From: " . $email . "\n" .
    "X-Mailer: PHP 4.x");
}


?>